📄 Dazmii Incident Response Policy

For Salesforce & MuleSoft-Integrated Specification Data Platforms

🔒 Purpose

This document outlines the procedures Dazmii follows in the event of a security incident involving its Salesforce-based Specification Data Management platform and any integrated systems (e.g., MuleSoft, SharePoint, Office 365). The objective is to ensure prompt detection, effective containment, transparent communication, and documented resolution of incidents that could impact the confidentiality, integrity, or availability of client data.

📘 Scope

This policy applies to all incidents affecting:

Salesforce orgs provisioned and managed by Dazmii
MuleSoft-integrated pipelines and APIs
Connected platforms such as SharePoint, OneDrive, or external PLM systems
Any user data or specification content hosted, processed, or transferred by Dazmii-managed systems

🚨 Definition of a Security Incident

An incident is any event (confirmed or suspected) that may compromise the following:

Unauthorized access to data or systems
Data loss, corruption, or exposure
Service disruption affecting platform availability
Misuse of credentials or abuse of API integrations
Breach of integration trust (e.g., API key leak, token compromise)
Malicious activity (e.g., data exfiltration, injection attack, privilege escalation)

🧭 Incident Response Lifecycle

Dazmii follows a six-phase response model:

1. Identification

24/7 monitoring of Salesforce Event Logs, MuleSoft API logs, and system alerts
Anomalies flagged by automated alerts, customer reports, or periodic audit scans
Initial assessment within 1 business hour of detection

2. Containment

Immediate access restrictions (e.g., user lockouts, IP blocks, session invalidation)
Disable affected API keys, tokens, or MuleSoft flows
Quarantine impacted components to prevent further exposure

3. Notification

Initial client notification within 4 hours of confirmed incident affecting customer data
Ongoing updates at least once every 24 hours during active investigation
Notification channels: email, phone, or customer-specific protocols

4. Eradication

Removal of malicious components, backdoors, or misconfigured integrations
Patch and reconfigure affected systems or automations
Validate with secondary scans before restoring access

5. Recovery

System and data restoration from backups (if needed)
Reinstate services and confirm operational integrity
Perform security regression testing before closing incident

6. Post-Incident Review

Root cause analysis (RCA) shared with client
Preventive controls updated or implemented
Incident logged for audit readiness and trend analysis

🕓 Severity Levels & Response Times

Severity	Description	Initial Response	Client Notification
High	Confirmed data breach or unauthorized access to sensitive records	1 hour	≤ 4 hours
Medium	Service degradation or suspicious behavior with no confirmed breach	4 hours	≤ 8 hours
Low	Non-impactful anomalies or minor misconfigurations	24 hours	As needed

📧 Contact Points

Clients should report potential incidents through the following channels:

Support Email: TheHelp@dazmii.com
24/7 Hotline: +1 (206)-619-1270
Customer Portal: https://dazmii.my.site.com

Incident reports should include any observed symptoms, user actions, file names, or integration behaviors to expedite triage.

✅ Testing & Training

Dazmii conducts annual incident response drills simulating breach scenarios.
Staff with platform or data access complete security awareness training annually.
This policy is reviewed and updated at least once per year or after any major incident.

🗃️ Related Policies

🔚 Final Note

Dazmii is committed to safeguarding your data. We view security as a shared responsibility and are happy to coordinate joint incident response efforts with your internal InfoSec team when needed.